It seems like programs that can guess the text in CAPTCHA are constantly improving, meaning that humans have to answer increasingly harder CAPTCHAs. The logical conclusion of this is that eventually a computer will be able to identify anything that a human can identify.
So, computer programmer Dopers, I was wondering if there is a reason why we can’t replace the system with a question that shows an image (with the filename being something that does not reference the content) and asks the viewer to identify the image.
I could think of two potential problems with this, but I also thought of solutions for them.
A program could crawl the Internet for other occurrences of this image and look for text that identifies the picture. This could be resolved by using unique images, or altering the image significantly enough that such a program couldn’t match it to other versions.
Users might input data that doesn’t match the expected answer but is still correct - for instance, putting “calico cat” instead of “cat”. I think though that tagging images with multiple variations of phrases is doable.
Well, and I guess there’s also the fact that image licensing costs money. Is that enough of a barrier to prevent such a system from being put into place?
I think that you hit the nail on the head by identifying that there isn’t a unique word for everything, and that people may put something down that is semantically and grammatically correct, but isn’t what you expect.
E.g. you put down a picture of a passenger train, and some people will put “train”, others “metro”, “railway train”, “expressliner”, or somesuch.
What you might do is present a picture and provide a list of options for the user to select. E.g.
<Picture>
Is this:
A. A cat
B. A train
C. A bottle of beer
D. A little girl
A Captcha farm?? And I thought the chinese WOW sweatshops were bad. Ok can someone please enlighten me? What is the benefit of breaking CAPTCHAS? What good comes out of creating de-CAPTCHA farms, or creating really good programs to do it automatically? What is the incentive. I’m really clueless on this one.
How would you generate these images? If you’ve just got some dude working for your website who runs around with a camera and tags all his own pictures, then you’re going to end up with a pretty small library of images. After the spammer has made 100 (or however many) attempts against your captcha, he’s seen them all, and can then zip through them.
You can get a few thousand images from a stock photo library easily enough. And they don’t have to have unique answers; you can have a hundred different pictures of a dog if you want.
Still, with a multiple choice system, you just have to hit the thing a half-dozen times or so before you’re likely to get in by pure guessing.
An interesting way for captchas with images to work, according to wikipedia, is that you show a grid of like, 25-50 pictures. And you tell the user “click the pictures of the airplane, clock, and radio.” Could this easily be broken, assuming you had a database of a few thousand pictures that were easily categorizable into simple objects people could identify?
Something like this exists: TinEye, although I don’t know their exact algorithm. I’d imagine your Captchas would get quickly archived even if they were taken for the express purpose of your image identification.
Facebook employs an interesting twist on the picture CAPTCHA for authentication.
I recently traveled to the UK for work and decided to log in to Facebook from my hotel room. The international travel tripped some alarm bell at FB central command.
Before I was allowed to log in, they showed me a few dozen pictures of people who I am FB friends with and asked me to select their name from a short list of names. The trick is that they use any photo with the person tagged in it, not just the ones I have already seen.
This caused me consternation when they decided to show me some class photos from forty years ago with distant relatives buried among dozens of strangers—I had to simply guess (Looks like Brazil… Pick the only non-American name there.)
Nobody cares, is what. They might email an appeal to the site owner for special access, but how that would work for most sites is not entirely obvious and, of course, the request is likely to be marked as spam.
Anything you do to help the people you reference could be used by bots to break the system. That means it isn’t going to happen.
And also, the quest for more difficult CAPTCHA’s flies in the face of the US Federal Government’s “Section 508” accessibility guidelines, which are designed to help people with disabilities be able to navigate successfully online. Websites designed for the Government generally need to be “508 compliant”, meaning that they have to be usable e.g. if the user is blind and using a screen reader to read out the text of the web page. I can also see picture tests being difficult for people with profound cognitive difficulties.
Also, education could come into this. What if someone comes up with a Captcha that has a picture of three US cityscapes (without names) and the question is “Which of these cities was founded by the French?” That relies on the fact that the user has studied US history and geography at some depth, something that really can’t be guaranteed.
Alice pays Bob’s Backlinks to increase traffic to her web site or improve her position in Google. Bob pays Carol’s Captchas to break the CAPTCHA on the SDMB forum (and thousands of others) and sign up for accounts. Then he pays Dave’s Honest Articles to post “informative and on-topic posts” with links to Alice’s site. Carol and Dave pay sweatshop workers or run spambots.
Bob, Carol and Dave profit. Carol and Dave’s sweatshop workers don’t starve. Alice thinks she got a good deal, until a few months later when she discovers she’s vanished from Google (and Bob can fix that for a reasonable yearly fee…). The SDMB and everyone else gets clumsy spam written in poor English. Bob changes his Twitter bio to read “internet marketing guru and SEO expert” and sells free e-books explaining how to get rich.
(Actually there’s usually at least one more layer in there but that’s another thread)
And I’ve seen captchas with a link for an audio captcha instead, which would presumably be usable by the sight-impaired. I’m guessing these are more resource-intensive for the captcha company, though, which is why they give the visual ones first.
Well, part of the"why not" answer is scalability. It’s trivial to generate CAPTCHAs with word lists; you just need a fancy algorithm. Even the audio ones for the blind could be done using text to speech.
It’s much harder to do so for pictures. Not a problem with small websites, perhaps, but definitely an issue for the likes of Yahoo or Gmail.
We can’t easily generate unique, human-understandable pictures yet, and to fake it with publicly-available stock photography would get really expensive, really quick, and even a large image collection (say, a thousand dog pictures) is still tiny compared to the much greater number of possibilities for text-only CAPTCHAs. And that doesn’t even include the time and expense of having humans manually associate images with their proper words, something that computers can’t do very well yet. A potential way around this is to crowdsource image-CAPTCHA tagging, but even then you have to have some way to come up with hundreds of thousands of usable, copyright-free source images.
It’s been done years ago as KittenAuth. (The “proper” url is here, but the test is broken right now).
While there are a few different implementations around, I’ve never seen one actually protecting a site. I imagine as thelurkinghorror says, there are only so many kitten pics, and once you’ve logged them all you can break everything.
